[vox] Exploits for non-admin accounts in Windows?
Ryan
cjg5ehir02 at sneakemail.com
Wed Mar 23 23:01:01 PST 2005
On Wednesday 23 March 2005 09:32 pm, Richard Crawford
rscrawford-at-mossroot.com |lugod| wrote:
> Yes, it's a Windoze question, but I'm trying to make a point with
> someone who wants to build me a crippled computer for my development
> workstation.
>
> I was told today by the IT manager in our office that if you don't run
> your Windows computer as an administrator, you never need to worry about
> adware and spyware and viruses. This seems like an awfully fishy claim
> to me, but maybe I'm just over-paranoid. Am I?
As Greg said, crap can still pwn the user account. Besides that, there are
plenty of methods of privlage escalation on windows boxes. Do a google search
on 'shatter attacks', for an example that immediatly comes to mind. I'm sure
there are plenty of other privlage escalation tricks.
I've heard of any software actualy tring to escalate privlages on a user
account, but that doesn't mean that there isn't any, or won't be any.
--
Ryan Castellucci - http://ryanc.org/
GPG Key: http://ryanc.org/files/publickey.asc
More information about the vox
mailing list